
Google redirects to adware sites


5 replies to this topic

#1 Doc J

Doc J

  • Members
  • 5 posts

Posted 11 December 2009 - 03:05 PM

Hi everyone. When I do a Google search (whatever it is), I get some results that, when I click on them, redirect me to an adware page, and an "antivirus" is downloaded (of course, I have never downloaded it, but Internet Download Manager tries to download it).
I haven't installed any new software at all, except ZoneAlarm Free, SpywareBlaster and Spybot - Search and Destroy. I have also installed ComboFix, but I'm waiting for an expert to guide me through it.
So, can anyone help me? Please?

(sorry for any English mistakes, I'm from Brazil).



#2 azfreetech

azfreetech

  • Members
  • 182 posts
  • Gender:Female
  • Location:Mesa, AZ

Posted 11 December 2009 - 04:56 PM

It’s possible that you have a rootkit infection so we will want to check this with Root Repeal.

Download Root Repeal and save it to your desktop. Here are some direct download links:

LINK 1
LINK 2
LINK 3
LINK 4

Once you have Root Repeal saved to your desktop, double click to open it. Click on the Report tab and then click scan. Check all seven boxes and click OK. Check the box for your main drive (c: in most cases) and then click OK. Let the Root Repeal scan run and once it’s complete (this may take some time) click on Save Report. Save the log to your desktop and then please post it in your response.

Next please download Gooredfix and save it to your desktop. Double click to run it and once it is done you will see a log called Goored.txt. Please post that in your next response as well.
DJ Digital Gem

I gave up on computers and now I just DJ!

#3 Doc J

Doc J
  • Topic Starter

  • Members
  • 5 posts

Posted 13 December 2009 - 11:10 PM

So, I ran both programs... I'm posting their logs:

ROOT REPEAL LOG
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/14 01:27
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x9FE8D000 Size: 45056 File Visible: No Signed: -
Status: -

Name: dump_msahci.sys
Image Path: C:\Windows\System32\Drivers\dump_msahci.sys
Address: 0x9FE98000 Size: 40960 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xB37CD000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spnk.sys
Image Path: C:\Windows\System32\Drivers\spnk.sys
Address: 0x80607000 Size: 1048576 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: SYSTEM
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1344 Status: Locked to the Windows API!

SSDT
-------------------
#: 021 Function Name: NtAlpcConnectPort
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9fd900a2

#: 022 Function Name: NtAlpcCreatePort
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9fd90972

#: 054 Function Name: NtConnectPort
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9fd8faf8

#: 060 Function Name: NtCreateFile
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9fd890d8

#: 064 Function Name: NtCreateKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9fda7aa6

#: 071 Function Name: NtCreatePort
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9fd90602

#: 072 Function Name: NtCreateProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9fda3f6a

#: 073 Function Name: NtCreateProcessEx
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9fda4392

#: 075 Function Name: NtCreateSection
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9fdac36a

#: 078 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xaa53a40c

#: 115 Function Name: NtCreateWaitablePort
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9fd90760

#: 122 Function Name: NtDeleteFile
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9fd89f9a

#: 123 Function Name: NtDeleteKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9fda94bc

#: 126 Function Name: NtDeleteValueKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9fda8db2

#: 129 Function Name: NtDuplicateObject
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9fda2da8

#: 166 Function Name: NtLoadKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9fda9e86

#: 167 Function Name: NtLoadKey2
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9fdaa0c4

#: 168 Function Name: NtLoadKeyEx
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9fdaa576

#: 186 Function Name: NtOpenFile
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9fd89a8c

#: 194 Function Name: NtOpenProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9fda5fc2

#: 201 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xaa53a3fd

#: 267 Function Name: NtRenameKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9fdab30c

#: 268 Function Name: NtReplaceKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9fdaa840

#: 276 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9fd8f690

#: 280 Function Name: NtRestoreKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9fdaaf4c

#: 286 Function Name: NtSecureConnectPort
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9fd8fdc4

#: 301 Function Name: NtSetInformationFile
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9fd8a3a4

#: 314 Function Name: NtSetSecurityObject
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9fdab894

#: 324 Function Name: NtSetValueKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9fda84d6

#: 332 Function Name: NtSystemDebugControl
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9fda508e

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9fda4dbe

#: 383 Function Name: NtCreateUserProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x9fda4806

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x85d8c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x85d8c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x85d8c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x85d8c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x85d8c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x85d8c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x85d8c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x85d8c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x85d8c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x85d8c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x85d8c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x85d8c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x85d8c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85d8c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x85d8c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x85d8c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x85d8c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x85d8c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x85d8c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x85d8c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x85d8c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x85d8c1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_CREATE]
Process: System Address: 0x85a941f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x85a941f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_READ]
Process: System Address: 0x85a941f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_WRITE]
Process: System Address: 0x85a941f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x85a941f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x85a941f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x85a941f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x85a941f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x85a941f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x85a941f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x85a941f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x85a941f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x85a941f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85a941f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x85a941f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x85a941f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x85a941f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_PNP]
Process: System Address: 0x85a941f8 Size: 121

Object: Hidden Code [Driver: arc, IRP_MJ_CREATE]
Process: System Address: 0x85d741f8 Size: 121

Object: Hidden Code [Driver: arc, IRP_MJ_CLOSE]
Process: System Address: 0x85d741f8 Size: 121

Object: Hidden Code [Driver: arc, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85d741f8 Size: 121

Object: Hidden Code [Driver: arc, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85d741f8 Size: 121

Object: Hidden Code [Driver: arc, IRP_MJ_POWER]
Process: System Address: 0x85d741f8 Size: 121

Object: Hidden Code [Driver: arc, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85d741f8 Size: 121

Object: Hidden Code [Driver: arc, IRP_MJ_PNP]
Process: System Address: 0x85d741f8 Size: 121

Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_CREATE]
Process: System Address: 0x85d7c1f8 Size: 121

Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_CLOSE]
Process: System Address: 0x85d7c1f8 Size: 121

Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85d7c1f8 Size: 121

Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85d7c1f8 Size: 121

Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_POWER]
Process: System Address: 0x85d7c1f8 Size: 121

Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85d7c1f8 Size: 121

Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_PNP]
Process: System Address: 0x85d7c1f8 Size: 121

Object: Hidden Code [Driver: iteatapi, IRP_MJ_CREATE]
Process: System Address: 0x85d791f8 Size: 121

Object: Hidden Code [Driver: iteatapi, IRP_MJ_CLOSE]
Process: System Address: 0x85d791f8 Size: 121

Object: Hidden Code [Driver: iteatapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85d791f8 Size: 121

Object: Hidden Code [Driver: iteatapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85d791f8 Size: 121

Object: Hidden Code [Driver: iteatapi, IRP_MJ_POWER]
Process: System Address: 0x85d791f8 Size: 121

Object: Hidden Code [Driver: iteatapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85d791f8 Size: 121

Object: Hidden Code [Driver: iteatapi, IRP_MJ_PNP]
Process: System Address: 0x85d791f8 Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_CREATE]
Process: System Address: 0x85d6a1f8 Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_CLOSE]
Process: System Address: 0x85d6a1f8 Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85d6a1f8 Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85d6a1f8 Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_POWER]
Process: System Address: 0x85d6a1f8 Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85d6a1f8 Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_PNP]
Process: System Address: 0x85d6a1f8 Size: 121

Object: Hidden Code [Driver: HpCISSs, IRP_MJ_CREATE]
Process: System Address: 0x85d6f1f8 Size: 121

Object: Hidden Code [Driver: HpCISSs, IRP_MJ_CLOSE]
Process: System Address: 0x85d6f1f8 Size: 121

Object: Hidden Code [Driver: HpCISSs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85d6f1f8 Size: 121

Object: Hidden Code [Driver: HpCISSs, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85d6f1f8 Size: 121

Object: Hidden Code [Driver: HpCISSs, IRP_MJ_POWER]
Process: System Address: 0x85d6f1f8 Size: 121

Object: Hidden Code [Driver: HpCISSs, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85d6f1f8 Size: 121

Object: Hidden Code [Driver: HpCISSs, IRP_MJ_PNP]
Process: System Address: 0x85d6f1f8 Size: 121

Object: Hidden Code [Driver: megasas, IRP_MJ_CREATE]
Process: System Address: 0x85d7d1f8 Size: 121

Object: Hidden Code [Driver: megasas, IRP_MJ_CLOSE]
Process: System Address: 0x85d7d1f8 Size: 121

Object: Hidden Code [Driver: megasas, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85d7d1f8 Size: 121

Object: Hidden Code [Driver: megasas, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85d7d1f8 Size: 121

Object: Hidden Code [Driver: megasas, IRP_MJ_POWER]
Process: System Address: 0x85d7d1f8 Size: 121

Object: Hidden Code [Driver: megasas, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85d7d1f8 Size: 121

Object: Hidden Code [Driver: megasas, IRP_MJ_PNP]
Process: System Address: 0x85d7d1f8 Size: 121

Object: Hidden Code [Driver: ql2300, IRP_MJ_CREATE]
Process: System Address: 0x85d811f8 Size: 121

Object: Hidden Code [Driver: ql2300, IRP_MJ_CLOSE]
Process: System Address: 0x85d811f8 Size: 121

Object: Hidden Code [Driver: ql2300, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85d811f8 Size: 121

Object: Hidden Code [Driver: ql2300, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85d811f8 Size: 121

Object: Hidden Code [Driver: ql2300, IRP_MJ_POWER]
Process: System Address: 0x85d811f8 Size: 121

Object: Hidden Code [Driver: ql2300, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85d811f8 Size: 121

Object: Hidden Code [Driver: ql2300, IRP_MJ_PNP]
Process: System Address: 0x85d811f8 Size: 121

Object: Hidden Code [Driver: arcsas, IRP_MJ_CREATE]
Process: System Address: 0x85d751f8 Size: 121

Object: Hidden Code [Driver: arcsas, IRP_MJ_CLOSE]
Process: System Address: 0x85d751f8 Size: 121

Object: Hidden Code [Driver: arcsas, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85d751f8 Size: 121

Object: Hidden Code [Driver: arcsas, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85d751f8 Size: 121

Object: Hidden Code [Driver: arcsas, IRP_MJ_POWER]
Process: System Address: 0x85d751f8 Size: 121

Object: Hidden Code [Driver: arcsas, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85d751f8 Size: 121

Object: Hidden Code [Driver: arcsas, IRP_MJ_PNP]
Process: System Address: 0x85d751f8 Size: 121

Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_CREATE]
Process: System Address: 0x85d831f8 Size: 121

Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_CLOSE]
Process: System Address: 0x85d831f8 Size: 121

Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85d831f8 Size: 121

Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85d831f8 Size: 121

Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_POWER]
Process: System Address: 0x85d831f8 Size: 121

Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85d831f8 Size: 121

Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_PNP]
Process: System Address: 0x85d831f8 Size: 121

Object: Hidden Code [Driver: Mraid35x, IRP_MJ_CREATE]
Process: System Address: 0x85d7f1f8 Size: 121

Object: Hidden Code [Driver: Mraid35x, IRP_MJ_CLOSE]
Process: System Address: 0x85d7f1f8 Size: 121

Object: Hidden Code [Driver: Mraid35x, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85d7f1f8 Size: 121

Object: Hidden Code [Driver: Mraid35x, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85d7f1f8 Size: 121

Object: Hidden Code [Driver: Mraid35x, IRP_MJ_POWER]
Process: System Address: 0x85d7f1f8 Size: 121

Object: Hidden Code [Driver: Mraid35x, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85d7f1f8 Size: 121

Object: Hidden Code [Driver: Mraid35x, IRP_MJ_PNP]
Process: System Address: 0x85d7f1f8 Size: 121

Object: Hidden Code [Driver: adpu320, IRP_MJ_CREATE]
Process: System Address: 0x85d731f8 Size: 121

Object: Hidden Code [Driver: adpu320, IRP_MJ_CLOSE]
Process: System Address: 0x85d731f8 Size: 121

Object: Hidden Code [Driver: adpu320, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85d731f8 Size: 121

Object: Hidden Code [Driver: adpu320, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85d731f8 Size: 121

Object: Hidden Code [Driver: adpu320, IRP_MJ_POWER]
Process: System Address: 0x85d731f8 Size: 121

Object: Hidden Code [Driver: adpu320, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85d731f8 Size: 121

Object: Hidden Code [Driver: adpu320, IRP_MJ_PNP]
Process: System Address: 0x85d731f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x85d6b1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x85d6b1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85d6b1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85d6b1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x85d6b1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85d6b1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x85d6b1f8 Size: 121

Object: Hidden Code [Driver: cdrom舓舓Ѕ硆慌ﴀ蛩�蛪蛩, IRP_MJ_CREATE]
Process: System Address: 0x86de03f0 Size: 121

Object: Hidden Code [Driver: cdrom舓舓Ѕ硆慌ﴀ蛩�蛪蛩, IRP_MJ_CLOSE]
Process: System Address: 0x86de03f0 Size: 121

Object: Hidden Code [Driver: cdrom舓舓Ѕ硆慌ﴀ蛩�蛪蛩, IRP_MJ_READ]
Process: System Address: 0x86de03f0 Size: 121

Object: Hidden Code [Driver: cdrom舓舓Ѕ硆慌ﴀ蛩�蛪蛩, IRP_MJ_WRITE]
Process: System Address: 0x86de03f0 Size: 121

Object: Hidden Code [Driver: cdrom舓舓Ѕ硆慌ﴀ蛩�蛪蛩, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86de03f0 Size: 121

Object: Hidden Code [Driver: cdrom舓舓Ѕ硆慌ﴀ蛩�蛪蛩, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86de03f0 Size: 121

Object: Hidden Code [Driver: cdrom舓舓Ѕ硆慌ﴀ蛩�蛪蛩, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86de03f0 Size: 121

Object: Hidden Code [Driver: cdrom舓舓Ѕ硆慌ﴀ蛩�蛪蛩, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86de03f0 Size: 121

Object: Hidden Code [Driver: cdrom舓舓Ѕ硆慌ﴀ蛩�蛪蛩, IRP_MJ_POWER]
Process: System Address: 0x86de03f0 Size: 121

Object: Hidden Code [Driver: cdrom舓舓Ѕ硆慌ﴀ蛩�蛪蛩, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86de03f0 Size: 121

Object: Hidden Code [Driver: cdrom舓舓Ѕ硆慌ﴀ蛩�蛪蛩, IRP_MJ_PNP]
Process: System Address: 0x86de03f0 Size: 121

Object: Hidden Code [Driver: SiSRaid4, IRP_MJ_CREATE]
Process: System Address: 0x85d841f8 Size: 121

Object: Hidden Code [Driver: SiSRaid4, IRP_MJ_CLOSE]
Process: System Address: 0x85d841f8 Size: 121

Object: Hidden Code [Driver: SiSRaid4, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85d841f8 Size: 121

Object: Hidden Code [Driver: SiSRaid4, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85d841f8 Size: 121

Object: Hidden Code [Driver: SiSRaid4, IRP_MJ_POWER]
Process: System Address: 0x85d841f8 Size: 121

Object: Hidden Code [Driver: SiSRaid4, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85d841f8 Size: 121

Object: Hidden Code [Driver: SiSRaid4, IRP_MJ_PNP]
Process: System Address: 0x85d841f8 Size: 121

Object: Hidden Code [Driver: adpahci, IRP_MJ_CREATE]
Process: System Address: 0x85d711f8 Size: 121

Object: Hidden Code [Driver: adpahci, IRP_MJ_CLOSE]
Process: System Address: 0x85d711f8 Size: 121

Object: Hidden Code [Driver: adpahci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85d711f8 Size: 121

Object: Hidden Code [Driver: adpahci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85d711f8 Size: 121

Object: Hidden Code [Driver: adpahci, IRP_MJ_POWER]
Process: System Address: 0x85d711f8 Size: 121

Object: Hidden Code [Driver: adpahci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85d711f8 Size: 121

Object: Hidden Code [Driver: adpahci, IRP_MJ_PNP]
Process: System Address: 0x85d711f8 Size: 121

Object: Hidden Code [Driver: iirsp, IRP_MJ_CREATE]
Process: System Address: 0x85d781f8 Size: 121

Object: Hidden Code [Driver: iirsp, IRP_MJ_CLOSE]
Process: System Address: 0x85d781f8 Size: 121

Object: Hidden Code [Driver: iirsp, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85d781f8 Size: 121

Object: Hidden Code [Driver: iirsp, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85d781f8 Size: 121

Object: Hidden Code [Driver: iirsp, IRP_MJ_POWER]
Process: System Address: 0x85d781f8 Size: 121

Object: Hidden Code [Driver: iirsp, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85d781f8 Size: 121

Object: Hidden Code [Driver: iirsp, IRP_MJ_PNP]
Process: System Address: 0x85d781f8 Size: 121

Object: Hidden Code [Driver: uliahci, IRP_MJ_CREATE]
Process: System Address: 0x85d881f8 Size: 121

Object: Hidden Code [Driver: uliahci, IRP_MJ_CLOSE]
Process: System Address: 0x85d881f8 Size: 121

Object: Hidden Code [Driver: uliahci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85d881f8 Size: 121

Object: Hidden Code [Driver: uliahci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85d881f8 Size: 121

Object: Hidden Code [Driver: uliahci, IRP_MJ_POWER]
Process: System Address: 0x85d881f8 Size: 121

Object: Hidden Code [Driver: uliahci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85d881f8 Size: 121

Object: Hidden Code [Driver: uliahci, IRP_MJ_PNP]
Process: System Address: 0x85d881f8 Size: 121

Object: Hidden Code [Driver: ql40xx, IRP_MJ_CREATE]
Process: System Address: 0x85d821f8 Size: 121

Object: Hidden Code [Driver: ql40xx, IRP_MJ_CLOSE]
Process: System Address: 0x85d821f8 Size: 121

Object: Hidden Code [Driver: ql40xx, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85d821f8 Size: 121

Object: Hidden Code [Driver: ql40xx, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85d821f8 Size: 121

Object: Hidden Code [Driver: ql40xx, IRP_MJ_POWER]
Process: System Address: 0x85d821f8 Size: 121

Object: Hidden Code [Driver: ql40xx, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85d821f8 Size: 121

Object: Hidden Code [Driver: ql40xx, IRP_MJ_PNP]
Process: System Address: 0x85d821f8 Size: 121

Object: Hidden Code [Driver: USBSTOR蟺Ј浗剩鑈蛴驰蛷鰀蛴, IRP_MJ_CREATE]
Process: System Address: 0x85a4c500 Size: 121

Object: Hidden Code [Driver: USBSTOR蟺Ј浗剩鑈蛴驰蛷鰀蛴, IRP_MJ_CLOSE]
Process: System Address: 0x85a4c500 Size: 121

Object: Hidden Code [Driver: USBSTOR蟺Ј浗剩鑈蛴驰蛷鰀蛴, IRP_MJ_READ]
Process: System Address: 0x85a4c500 Size: 121

Object: Hidden Code [Driver: USBSTOR蟺Ј浗剩鑈蛴驰蛷鰀蛴, IRP_MJ_WRITE]
Process: System Address: 0x85a4c500 Size: 121

Object: Hidden Code [Driver: USBSTOR蟺Ј浗剩鑈蛴驰蛷鰀蛴, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85a4c500 Size: 121

Object: Hidden Code [Driver: USBSTOR蟺Ј浗剩鑈蛴驰蛷鰀蛴, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85a4c500 Size: 121

Object: Hidden Code [Driver: USBSTOR蟺Ј浗剩鑈蛴驰蛷鰀蛴, IRP_MJ_POWER]
Process: System Address: 0x85a4c500 Size: 121

Object: Hidden Code [Driver: USBSTOR蟺Ј浗剩鑈蛴驰蛷鰀蛴, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85a4c500 Size: 121

Object: Hidden Code [Driver: USBSTOR蟺Ј浗剩鑈蛴驰蛷鰀蛴, IRP_MJ_PNP]
Process: System Address: 0x85a4c500 Size: 121

Object: Hidden Code [Driver: Symc8xx, IRP_MJ_CREATE]
Process: System Address: 0x85d851f8 Size: 121

Object: Hidden Code [Driver: Symc8xx, IRP_MJ_CLOSE]
Process: System Address: 0x85d851f8 Size: 121

Object: Hidden Code [Driver: Symc8xx, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85d851f8 Size: 121

Object: Hidden Code [Driver: Symc8xx, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85d851f8 Size: 121

Object: Hidden Code [Driver: Symc8xx, IRP_MJ_POWER]
Process: System Address: 0x85d851f8 Size: 121

Object: Hidden Code [Driver: Symc8xx, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85d851f8 Size: 121

Object: Hidden Code [Driver: Symc8xx, IRP_MJ_PNP]
Process: System Address: 0x85d851f8 Size: 121

Object: Hidden Code [Driver: usbohci浥Ѕ潉†, IRP_MJ_CREATE]
Process: System Address: 0x86e9f1f8 Size: 121

Object: Hidden Code [Driver: usbohci浥Ѕ潉†, IRP_MJ_CLOSE]
Process: System Address: 0x86e9f1f8 Size: 121

Object: Hidden Code [Driver: usbohci浥Ѕ潉†, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86e9f1f8 Size: 121

Object: Hidden Code [Driver: usbohci浥Ѕ潉†, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86e9f1f8 Size: 121

Object: Hidden Code [Driver: usbohci浥Ѕ潉†, IRP_MJ_POWER]
Process: System Address: 0x86e9f1f8 Size: 121

Object: Hidden Code [Driver: usbohci浥Ѕ潉†, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86e9f1f8 Size: 121

Object: Hidden Code [Driver: usbohci浥Ѕ潉†, IRP_MJ_PNP]
Process: System Address: 0x86e9f1f8 Size: 121

Object: Hidden Code [Driver: nfrd960, IRP_MJ_CREATE]
Process: System Address: 0x85d801f8 Size: 121

Object: Hidden Code [Driver: nfrd960, IRP_MJ_CLOSE]
Process: System Address: 0x85d801f8 Size: 121

Object: Hidden Code [Driver: nfrd960, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85d801f8 Size: 121

Object: Hidden Code [Driver: nfrd960, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85d801f8 Size: 121

Object: Hidden Code [Driver: nfrd960, IRP_MJ_POWER]
Process: System Address: 0x85d801f8 Size: 121

Object: Hidden Code [Driver: nfrd960, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85d801f8 Size: 121

Object: Hidden Code [Driver: nfrd960, IRP_MJ_PNP]
Process: System Address: 0x85d801f8 Size: 121

Object: Hidden Code [Driver: LSI_FC, IRP_MJ_CREATE]
Process: System Address: 0x85d7b1f8 Size: 121

Object: Hidden Code [Driver: LSI_FC, IRP_MJ_CLOSE]
Process: System Address: 0x85d7b1f8 Size: 121

Object: Hidden Code [Driver: LSI_FC, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85d7b1f8 Size: 121

Object: Hidden Code [Driver: LSI_FC, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85d7b1f8 Size: 121

Object: Hidden Code [Driver: LSI_FC, IRP_MJ_POWER]
Process: System Address: 0x85d7b1f8 Size: 121

Object: Hidden Code [Driver: LSI_FC, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85d7b1f8 Size: 121

Object: Hidden Code [Driver: LSI_FC, IRP_MJ_PNP]
Process: System Address: 0x85d7b1f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_CREATE]
Process: System Address: 0x85d721f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_CLOSE]
Process: System Address: 0x85d721f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85d721f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85d721f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_POWER]
Process: System Address: 0x85d721f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85d721f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_PNP]
Process: System Address: 0x85d721f8 Size: 121

Object: Hidden Code [Driver: Sym_u3, IRP_MJ_CREATE]
Process: System Address: 0x85d871f8 Size: 121

Object: Hidden Code [Driver: Sym_u3, IRP_MJ_CLOSE]
Process: System Address: 0x85d871f8 Size: 121

Object: Hidden Code [Driver: Sym_u3, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85d871f8 Size: 121

Object: Hidden Code [Driver: Sym_u3, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85d871f8 Size: 121

Object: Hidden Code [Driver: Sym_u3, IRP_MJ_POWER]
Process: System Address: 0x85d871f8 Size: 121

Object: Hidden Code [Driver: Sym_u3, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85d871f8 Size: 121

Object: Hidden Code [Driver: Sym_u3, IRP_MJ_PNP]
Process: System Address: 0x85d871f8 Size: 121

Object: Hidden Code [Driver: Smb牃І华牉₰蚼蟊, IRP_MJ_CREATE]
Process: System Address: 0x87d331f8 Size: 121

Object: Hidden Code [Driver: Smb牃І华牉₰蚼蟊, IRP_MJ_CLOSE]
Process: System Address: 0x87d331f8 Size: 121

Object: Hidden Code [Driver: Smb牃І华牉₰蚼蟊, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x87d331f8 Size: 121

Object: Hidden Code [Driver: Smb牃І华牉₰蚼蟊, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x87d331f8 Size: 121

Object: Hidden Code [Driver: Smb牃І华牉₰蚼蟊, IRP_MJ_CLEANUP]
Process: System Address: 0x87d331f8 Size: 121

Object: Hidden Code [Driver: Smb牃І华牉₰蚼蟊, IRP_MJ_PNP]
Process: System Address: 0x87d331f8 Size: 121

Object: Hidden Code [Driver: netbt蛟, IRP_MJ_CREATE]
Process: System Address: 0x87d27500 Size: 121

Object: Hidden Code [Driver: netbt蛟, IRP_MJ_CLOSE]
Process: System Address: 0x87d27500 Size: 121

Object: Hidden Code [Driver: netbt蛟, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x87d27500 Size: 121

Object: Hidden Code [Driver: netbt蛟, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x87d27500 Size: 121

Object: Hidden Code [Driver: netbt蛟, IRP_MJ_CLEANUP]
Process: System Address: 0x87d27500 Size: 121

Object: Hidden Code [Driver: netbt蛟, IRP_MJ_PNP]
Process: System Address: 0x87d27500 Size: 121

Object: Hidden Code [Driver: UlSata, IRP_MJ_CREATE]
Process: System Address: 0x85d891f8 Size: 121

Object: Hidden Code [Driver: UlSata, IRP_MJ_CLOSE]
Process: System Address: 0x85d891f8 Size: 121

Object: Hidden Code [Driver: UlSata, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85d891f8 Size: 121

Object: Hidden Code [Driver: UlSata, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85d891f8 Size: 121

Object: Hidden Code [Driver: UlSata, IRP_MJ_POWER]
Process: System Address: 0x85d891f8 Size: 121

Object: Hidden Code [Driver: UlSata, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85d891f8 Size: 121

Object: Hidden Code [Driver: UlSata, IRP_MJ_PNP]
Process: System Address: 0x85d891f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЄ敒慔, IRP_MJ_CREATE]
Process: System Address: 0x86f1e1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЄ敒慔, IRP_MJ_CLOSE]
Process: System Address: 0x86f1e1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЄ敒慔, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f1e1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЄ敒慔, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f1e1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЄ敒慔, IRP_MJ_POWER]
Process: System Address: 0x86f1e1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЄ敒慔, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f1e1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЄ敒慔, IRP_MJ_PNP]
Process: System Address: 0x86f1e1f8 Size: 121

Object: Hidden Code [Driver: msahci, IRP_MJ_POWER]
Process: System Address: 0x85d6e1f8 Size: 121

Object: Hidden Code [Driver: msahci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85d6e1f8 Size: 121

Object: Hidden Code [Driver: msahci, IRP_MJ_PNP]
Process: System Address: 0x85d6e1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x86ea31f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x86ea31f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86ea31f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86ea31f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x86ea31f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86ea31f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x86ea31f8 Size: 121

Object: Hidden Code [Driver: iteraid, IRP_MJ_CREATE]
Process: System Address: 0x85d7a1f8 Size: 121

Object: Hidden Code [Driver: iteraid, IRP_MJ_CLOSE]
Process: System Address: 0x85d7a1f8 Size: 121

Object: Hidden Code [Driver: iteraid, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85d7a1f8 Size: 121

Object: Hidden Code [Driver: iteraid, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85d7a1f8 Size: 121

Object: Hidden Code [Driver: iteraid, IRP_MJ_POWER]
Process: System Address: 0x85d7a1f8 Size: 121

Object: Hidden Code [Driver: iteraid, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85d7a1f8 Size: 121

Object: Hidden Code [Driver: iteraid, IRP_MJ_PNP]
Process: System Address: 0x85d7a1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System Address: 0x85d681f8 Size: 121

Object: Hidden Code [Driver: volmgr==EOF==

GOORED FIX LOG
GooredFix by jpshortstuff (06.12.09.1)
Log created at 02:05 on 14/12/2009 (Doc J)
Firefox version 3.5.5 (pt-BR)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [03:15 24/12/2008]
{B13721C7-F507-4982-B2E5-502A71474FED} [18:30 11/06/2009]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [04:47 25/03/2009]

C:\Users\Doc J\Application Data\Mozilla\Firefox\Profiles\1hbzcqpu.default\extensions\
{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [02:01 14/12/2009]
{20a82645-c095-46ed-80e3-08825760534b} [02:38 26/06/2009]
{87F8774F-B485-47E2-A755-A40A8A5E886C} [21:12 08/09/2009]
{987311C6-B504-4aa2-90BF-60CC49808D42} [23:43 16/11/2009]
{f44c1ffa-6a39-4b6b-9c15-aaf66720ca08} [16:59 04/12/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2" [08:51 30/04/2008]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [01:10 24/03/2009]
"{FFB96CC1-7EB3-449D-B827-DB661701C6BB}"="C:\Program Files\CheckPoint\ZAForceField\TrustChecker" [15:44 10/12/2009]

---------- Old Logs ----------
GooredFix[04.04.50_14-12-2009].txt

-=E.O.F=-
Thanks for your help! :thumbsup:

#4 azfreetech

Posted 14 December 2009 - 01:33 PM

Well that doesn't look very good :thumbsup:

I usually try running Malwarebytes first. You can get it HERE. Install, update and run it. If you have problems installing it, then try renaming the file before saving it to your desktop. I like renaming it to bigmama.

Remove what MBAM finds and then install and run ATF Cleaner (for Windows XP and 2000 only!). Check the box for select all and then click the button Empty Selected. This will help clear out temp files, cookies and other junk that clutters up Windows.

Next install, update and run SUPERAntiSpyware. Get rid of what it finds. Finally update and run your antivirus program and get rid of anything that it finds.
DJ Digital Gem

I gave up on computers and now I just DJ!

#5 Doc J

Posted 15 December 2009 - 04:19 PM

Azfreetech, I've followed all the steps above, but Google still redirects to malware sites.
Some viruses, spyware, etc. were found by the software, but the problem is not solved.
Is there anything else to do now? :thumbsup:
Thanks!

#6 Doc J

Posted 23 December 2009 - 10:36 PM

I still have this problem!! Can anyone help me?



